Security experts from ThreatMetrix and the United Kingdom’s Action Fraud are warning Internet users to be on the lookout for a new variant of the infamous ZeuS malware that attempts to steal sensitive information by posing as genuine login pages.
It all starts with a normal login page, but once unsuspecting users enter their credentials, they are presented with a webpage that requests credit card information.
In the case of social media sites, Facebook for instance, the victim is told that completing the form will link their payment card to the account in order to make the acquisition of Facebook credits easier. This operation allegedly also offers enhanced security and even 20% cash back.
This variant of Zeus has been seen in campaigns that target major credit card companies from countries such as the UK, the US, Canada, Italy, Germany and Australia, and even from the Middle East.
The Trojan is also able to adjust balances so that the victims are unaware of the fraudulent transactions that have taken place.
Customers of payment processors and companies from the retail industry are also at risk, since most websites can be easily replicated and, for each situation, the fraudsters can come up with apparently legitimate reasons why the victim must provide credit card details.
“What puts social media websites, financial institutions, online retailers, and payment processors at such high risk with this particular variant of the Zeus Trojan is that all of the fraudulent pages and windows described in the report appear legitimate to most users,” said Andreas Baumhof, the CTO of ThreatMetrix.
“Pages include the branding and messaging typical to each of the industries the cybercriminals are targeting. They are even personalized with the victim’s name. To protect users and customers, all of these industries must realize how sophisticated today’s cybercriminals are and take proper steps to prevent these attacks.”